All the vulnerabilities related to cloudera - cdh
cve-2013-6446
Vulnerability from cvelistv5
Published
2017-03-23 20:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.
References
| URL | Tags |
|---|---|
| https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/97068 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.443Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n" }, { "name": "97068", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97068" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-10-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-27T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n" }, { "name": "97068", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97068" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The JobHistory Server in Cloudera CDH 4.x 
before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n", "refsource": "CONFIRM", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n" }, { "name": "97068", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97068" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6446", "datePublished": "2017-03-23T20:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-17860
Vulnerability from cvelistv5
Published
2019-11-26 14:11
Modified
2024-08-05 10:54
Severity ?
EPSS score ?
Summary
Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:54:10.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-26T14:11:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17860", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 
6.0.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop", "refsource": "CONFIRM", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop" }, { "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb", "refsource": "CONFIRM", "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-17860", "datePublished": "2019-11-26T14:11:35", "dateReserved": "2018-10-01T00:00:00", "dateUpdated": "2024-08-05T10:54:10.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0229
Vulnerability from cvelistv5
Published
2017-03-23 20:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.
References
| URL | Tags |
|---|---|
| https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:39.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-23T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0229", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) 
deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r", "refsource": "CONFIRM", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0229", "datePublished": "2017-03-23T20:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-7831
Vulnerability from cvelistv5
Published
2019-11-26 13:58
Modified
2024-08-06 07:58
Severity ?
EPSS score ?
Summary
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:58:59.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-26T13:58:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7831", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v", "refsource": "MISC", "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7831", "datePublished": "2019-11-26T13:58:47", "dateReserved": "2015-10-14T00:00:00", "dateUpdated": "2024-08-06T07:58:59.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4572
Vulnerability from cvelistv5
Published
2019-11-26 13:51
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:25.778Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-26T13:51:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4572", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb", "refsource": "MISC", "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4572", "datePublished": "2019-11-26T13:51:20", "dateReserved": "2016-05-09T00:00:00", "dateUpdated": "2024-08-06T00:32:25.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6353
Vulnerability from cvelistv5
Published
2019-11-26 13:48
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:19.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-26T13:48:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6353", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165", "refsource": "MISC", "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6353", "datePublished": "2019-11-26T13:48:22", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:19.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3131
Vulnerability from cvelistv5
Published
2019-11-26 13:57
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:47:57.273Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-26T13:57:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3131", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120", "refsource": "MISC", "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3131", "datePublished": "2019-11-26T13:57:45", "dateReserved": "2016-03-13T00:00:00", "dateUpdated": "2024-08-05T23:47:57.273Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6605
Vulnerability from cvelistv5
Published
2017-04-10 14:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization.
References
| URL | Tags |
|---|---|
| https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:28.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-10T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6605", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174", "refsource": "CONFIRM", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6605", "datePublished": "2017-04-10T14:00:00", "dateReserved": "2016-08-05T00:00:00", "dateUpdated": "2024-08-06T01:36:28.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9325
Vulnerability from cvelistv5
Published
2019-07-03 16:23
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
References
| URL | Tags |
|---|---|
| https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:02:44.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-03T16:23:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9325", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html", "refsource": "CONFIRM", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9325", "datePublished": "2019-07-03T16:23:05", "dateReserved": "2017-05-31T00:00:00", "dateUpdated": "2024-08-05T17:02:44.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7319
Vulnerability from cvelistv5
Published
2019-11-26 15:22
Modified
2024-08-04 20:46
Severity ?
EPSS score ?
Summary
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of the following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:46:46.094Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-26T15:22:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7319", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue", "refsource": "CONFIRM", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue" }, { "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b", "refsource": "CONFIRM", "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7319", "datePublished": "2019-11-26T15:22:11", "dateReserved": "2019-02-04T00:00:00", "dateUpdated": "2024-08-04T20:46:46.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-5724
Vulnerability from cvelistv5
Published
2019-11-26 13:49
Modified
2024-08-06 01:08
Severity ?
EPSS score ?
Summary
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:08:00.559Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-26T13:49:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-5724", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166", "refsource": "MISC", "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-5724", "datePublished": "2019-11-26T13:49:57", "dateReserved": "2016-06-17T00:00:00", "dateUpdated": "2024-08-06T01:08:00.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2019-07-03 17:15
Modified
2024-11-21 03:35
Severity ?
Summary
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F9C307E-88BC-4A70-80C0-77B876A0D9CD", "versionEndIncluding": "5.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "55010C94-40AB-464B-B19C-E7D35CAC1862", "versionEndIncluding": "5.9.2", "versionStartIncluding": "5.8.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CEA2DB4-19CD-4B5B-A07B-6EBE7101E362", "versionEndIncluding": "5.10.1", "versionStartIncluding": "5.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B87564F-1DBF-418A-BBAA-E850089CDA03", "versionEndIncluding": "5.11.1", "versionStartIncluding": "5.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs." }, { "lang": "es", "value": "La configuraci\u00f3n de ejemplo de solrconfig.xml segura provista no impone la autorizaci\u00f3n de Sentry en / update / json / docs." 
} ], "id": "CVE-2017-9325", "lastModified": "2024-11-21T03:35:49.967", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-03T17:15:09.610", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-26 14:15
Modified
2024-11-21 02:55
Severity ?
Summary
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6EBFB12-280E-45E4-A52D-110A61D7BE5F", "versionEndExcluding": "5.7.0", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler." }, { "lang": "es", "value": "Cloudera Search en CDH versiones anteriores a 5.7.0, permite el acceso no autorizado a documentos porque las Consultas Solr por identificaci\u00f3n de documento pueden omitir la seguridad a nivel de documento Sentry por medio de la funci\u00f3n RealTimeGetHandler." } ], "id": "CVE-2016-6353", "lastModified": "2024-11-21T02:55:57.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2019-11-26T14:15:11.330", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-26 16:15
Modified
2024-11-21 04:48
Severity ?
Summary
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of the following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cloudera:cdh:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCBA882-82E1-42BD-BE11-703560452A89", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BF59504-AD91-494C-A9A6-FD53E9F5714B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BE4C218-905A-4091-A10C-70E9D7B53DA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges." }, { "lang": "es", "value": "Se detect\u00f3 un problema en Cloudera Hue versiones 6.0.0 hasta 6.1.0. Cuando se usa uno de los siguientes backends de autenticaci\u00f3n: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend u OAuthBackend, los usuarios externos son creados con privilegios de superusuario." 
} ], "id": "CVE-2019-7319", "lastModified": "2024-11-21T04:48:00.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-26T16:15:14.057", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-26 14:15
Modified
2024-11-21 02:54
Severity ?
Summary
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FE66A81-E123-42DE-AFCF-6E7ABB94D9E6", "versionEndExcluding": "5.9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles." }, { "lang": "es", "value": "Cloudera CDH versiones anteriores a 5.9, presenta Informaci\u00f3n Potencialmente Confidencial en Paquetes de Soporte de Diagn\u00f3stico." } ], "id": "CVE-2016-5724", "lastModified": "2024-11-21T02:54:53.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-26T14:15:11.267", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-26 14:15
Modified
2024-11-21 02:37
Severity ?
Summary
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB274FE2-6052-4E84-BE19-38307E81CACC", "versionEndExcluding": "5.4.9", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used." }, { "lang": "es", "value": "En Cloudera Hue, un usuario de solo lectura puede escalar privilegios cuando se utiliza CDH versiones 5.x anteriores a 5.4.9." } ], "id": "CVE-2015-7831", "lastModified": "2024-11-21T02:37:29.313", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-26T14:15:11.017", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-26 15:15
Modified
2024-11-21 03:55
Severity ?
Summary
Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE90091-93CF-4CD1-9BF6-1785D5FE7114", "versionEndIncluding": "5.14.0", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "3470CD2C-993B-4EBE-B789-D72291F6BA15", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "57FD7A6A-91E1-40F0-930E-7EA0EBE2D989", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCBA882-82E1-42BD-BE11-703560452A89", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BF59504-AD91-494C-A9A6-FD53E9F5714B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1." }, { "lang": "es", "value": "Cloudera CDH posee Permisos No Seguros porque TODOS no se pueden revocar, lo que afecta a versiones 5.x hasta 5.15.1 y versiones 6.x hasta 6.0.1." 
} ], "id": "CVE-2018-17860", "lastModified": "2024-11-21T03:55:04.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-26T15:15:11.800", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-10 14:59
Modified
2024-11-21 02:56
Severity ?
Summary
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cloudera | cdh | 5.2.0 | |
cloudera | cdh | 5.2.1 | |
cloudera | cdh | 5.2.2 | |
cloudera | cdh | 5.2.3 | |
cloudera | cdh | 5.2.4 | |
cloudera | cdh | 5.2.5 | |
cloudera | cdh | 5.2.6 | |
cloudera | cdh | 5.3.0 | |
cloudera | cdh | 5.3.1 | |
cloudera | cdh | 5.3.2 | |
cloudera | cdh | 5.3.3 | |
cloudera | cdh | 5.3.4 | |
cloudera | cdh | 5.3.5 | |
cloudera | cdh | 5.3.6 | |
cloudera | cdh | 5.3.7 | |
cloudera | cdh | 5.3.8 | |
cloudera | cdh | 5.3.9 | |
cloudera | cdh | 5.3.10 | |
cloudera | cdh | 5.4.0 | |
cloudera | cdh | 5.4.1 | |
cloudera | cdh | 5.4.2 | |
cloudera | cdh | 5.4.3 | |
cloudera | cdh | 5.4.4 | |
cloudera | cdh | 5.4.5 | |
cloudera | cdh | 5.4.6 | |
cloudera | cdh | 5.4.7 | |
cloudera | cdh | 5.4.8 | |
cloudera | cdh | 5.4.9 | |
cloudera | cdh | 5.4.10 | |
cloudera | cdh | 5.4.11 | |
cloudera | cdh | 5.5.0 | |
cloudera | cdh | 5.5.1 | |
cloudera | cdh | 5.5.2 | |
cloudera | cdh | 5.5.3 | |
cloudera | cdh | 5.5.4 | |
cloudera | cdh | 5.5.5 | |
cloudera | cdh | 5.5.6 | |
cloudera | cdh | 5.6.0 | |
cloudera | cdh | 5.6.1 | |
cloudera | cdh | 5.7.0 | |
cloudera | cdh | 5.7.1 | |
cloudera | cdh | 5.7.2 | |
cloudera | cdh | 5.8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cloudera:cdh:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D6CC1BD-4A89-4E35-9960-663C3680AB66", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBF2BFFA-9C9D-40C8-A5E1-F7D7F72044B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9ACDD34-8043-4F94-8BE2-FC836575338C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "13E6EA6D-5473-41AE-81F1-9996AD458BF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC2D81-4B44-49BE-883A-5477320AE8DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6034866D-A896-4AFE-9EDF-E021CA1C4CFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "814B29A3-5EF3-4225-A2D3-F1714484FB7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "613FF93C-3186-48E4-B549-66FDF52B361B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B7F056A-1186-43ED-B748-D8ECFDF4311F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "471102DD-5589-4A46-A733-27127B292D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "72E0B0E1-4A7B-4364-BE3E-426C66E16CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "7EAB1666-E7EF-4652-9972-94FB1ACB3FF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "83792524-F31C-48A8-9C0A-27806F58E974", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.3.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"92A1893E-108B-451C-8663-756A420DA54C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "E5FFBA45-DD76-49AB-B6E9-E7247E72E9F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "FE6261D0-B6AA-455C-8C72-2839649B2509", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "510E937F-9CB0-4E07-B928-26492AE107A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "F28AFA4C-AD43-47D2-99E6-E1C8A94908AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D673E85-1456-4100-AC62-84EB2AD69481", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "CAB77F6D-801E-4C1A-BFBE-0FB9AE7AEA3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "18BBCD80-7158-4B3B-941E-A94A567688A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "98341E9C-2B10-4460-80B3-0287ED89BCF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "FD5D5EAD-4869-41D0-9144-A50222D1447E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "6EB6DC29-9762-4AF8-B521-BC6F60D3294D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "4A05A540-C651-4651-B553-9FC6C621604E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7D3A6-B0EB-45CA-8EB5-60E2938A6BC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "57726EB2-58C2-4407-879D-47404D4F7253", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"8E23D25C-EAC3-450A-81DF-B2889A6BE73E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "76E9BDD1-0485-418E-8A75-2846D448451B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "95F81F00-56F5-4C17-ABDB-E1670A48F7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD38CA-E5E3-450C-B5CF-5ACDF99924CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F6F68F4-538B-4080-847A-300C168FC258", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C2E3282-8F74-43C7-8C2B-984B58F86D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC306BB1-E01C-43E1-ACE1-759A703D5D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "858B8A48-5835-49E5-9CA8-EAEAAA6597DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "F27CA3DE-DA96-41A7-931C-3DEEEBE8D833", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "FB7B6FED-5A57-403C-83E4-8D9780EA1B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0821458-EDDC-457C-9211-E3B5A34EFDBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B445F1D2-CB34-4BC8-B870-D7CF065EC36D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "7922C91D-F7C9-48ED-BDAE-8C88DEB3EA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2304AA62-575C-4144-840C-0BFD98F89A97", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"4CF9E5E9-F8A3-434D-A185-C38258B5D2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF78A4BF-BC24-4DE0-8961-A9BB6564CA7B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization." }, { "lang": "es", "value": "Impala en CDH desde 5.2.0 hasta la versi\u00f3n 5.7.2 y 5.8.0 permite a atacantes remotos eludir la autorizaci\u00f3n de Setry." } ], "id": "CVE-2016-6605", "lastModified": "2024-11-21T02:56:25.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-10T14:59:00.247", "references": [ { "source": "cve@mitre.org", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-23 20:59
Modified
2024-11-21 02:01
Severity ?
Summary
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cloudera | cdh | 5.0.0 | |
cloudera | cdh | 5.0.0 | |
cloudera | cdh | 5.0.0 | |
apache | hadoop | 0.23.0 | |
apache | hadoop | 0.23.1 | |
apache | hadoop | 0.23.3 | |
apache | hadoop | 0.23.4 | |
apache | hadoop | 0.23.5 | |
apache | hadoop | 0.23.6 | |
apache | hadoop | 0.23.7 | |
apache | hadoop | 0.23.8 | |
apache | hadoop | 0.23.9 | |
apache | hadoop | 0.23.10 | |
apache | hadoop | 2.0.0 | |
apache | hadoop | 2.0.1 | |
apache | hadoop | 2.0.2 | |
apache | hadoop | 2.0.3 | |
apache | hadoop | 2.0.4 | |
apache | hadoop | 2.0.5 | |
apache | hadoop | 2.0.6 | |
apache | hadoop | 2.1.0 | |
apache | hadoop | 2.1.1 | |
apache | hadoop | 2.2.0 | |
apache | hadoop | 2.3.0 | |
apache | hadoop | 2.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BEFFAE88-DD05-4431-A011-385D48033BE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "B0293F82-7BA9-4608-96B7-CCED9A98313C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "BF18527D-BF9B-4495-AF89-F976322E3A69", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "029481B4-F0BC-4C44-B5DB-4AE66AE92334", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "501DBE03-139A-46E9-BFD5-B7D8245AD2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:0.23.3:*:*:*:*:*:*:*", "matchCriteriaId": "AD95328D-ED9A-4889-96E7-C7B3041745FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:0.23.4:*:*:*:*:*:*:*", "matchCriteriaId": "65899B21-D364-4E6D-8E82-1D408BA4E2A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:0.23.5:*:*:*:*:*:*:*", "matchCriteriaId": "5512B2DD-5136-4215-899C-FB48AFA8A2CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:0.23.6:*:*:*:*:*:*:*", "matchCriteriaId": "68A3493C-3D69-46A9-920A-8BB44B090609", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:0.23.7:*:*:*:*:*:*:*", "matchCriteriaId": "74588026-F427-4E31-89FA-FFCE5B2EC108", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:0.23.8:*:*:*:*:*:*:*", "matchCriteriaId": "1FD4F0BA-614B-47A9-B916-DD1400FCE532", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:0.23.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D8C1670-EFEF-409B-B985-5815B6791B24", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:0.23.10:*:*:*:*:*:*:*", "matchCriteriaId": "EF986316-0FB8-4AF9-B372-4FC53C957D8D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "227941BD-D769-45AD-9D61-7FCA3C2264FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "18BF490A-0865-47C0-A143-0991B40BD259", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "E091799F-203D-4C52-839E-E798770C0287", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*", "matchCriteriaId": "80E53689-C56C-4104-B510-CB4116B898CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*", "matchCriteriaId": "591921C3-F7EA-402E-9C36-2EADF0417C72", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*", "matchCriteriaId": "9FA774A9-81B3-4303-B254-C802B4DC8004", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*", "matchCriteriaId": "877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "25DB127F-4293-4847-A8C4-C7F6B74762EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*", "matchCriteriaId": "E8AE3E25-0726-4039-A3A8-B53F7CF0E638", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC9B08F2-CF75-4875-BDE1-D5D9CC7BF7E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "11B47B33-C54B-47F7-8AB7-90A589EED6F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:hadoop:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "377E3DCD-CEB7-400B-BD78-A4C1EE98E4E5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) 
deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command." }, { "lang": "es", "value": "Apache Hadoop 0.23.x en versiones anteriores a 0.23.11 y 2.x en versiones anteriores a 2.4.1, como se utiliza en Cloudera CDH 5.0.x en versiones anteriores a 5.0.2, no verifica la autorizaci\u00f3n para los comandos de administraci\u00f3n HDFS (1) refreshNamenodes, (2) deleteBlockPool y (3) ShutdownDatanode, lo que permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (cierre de DataNodes) o realizar operaciones innecesarias emitiendo un comando." } ], "id": "CVE-2014-0229", "lastModified": "2024-11-21T02:01:42.633", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-23T20:59:00.203", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-26 14:15
Modified
2024-11-21 02:52
Severity ?
Summary
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
References
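Impacted products
The CPE configuration below enumerates only cloudera cdh 5.5.0 through 5.5.4, 5.6.0, 5.6.1 and 5.7.0 as vulnerable, although the summary covers every release before 5.7.1. Version matching that relies on the CPE list alone may therefore miss older installations.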
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD38CA-E5E3-450C-B5CF-5ACDF99924CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F6F68F4-538B-4080-847A-300C168FC258", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C2E3282-8F74-43C7-8C2B-984B58F86D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC306BB1-E01C-43E1-ACE1-759A703D5D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "858B8A48-5835-49E5-9CA8-EAEAAA6597DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0821458-EDDC-457C-9211-E3B5A34EFDBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B445F1D2-CB34-4BC8-B870-D7CF065EC36D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "7922C91D-F7C9-48ED-BDAE-8C88DEB3EA8B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges." }, { "lang": "es", "value": "En Cloudera CDH versiones anteriores a 5.7.1, los comandos Impala REVOKE ALL ON SERVER no revocan todos los privilegios." 
} ], "id": "CVE-2016-4572", "lastModified": "2024-11-21T02:52:31.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-26T14:15:11.203", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-23 20:59
Modified
2024-11-21 01:59
Severity ?
Summary
The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/97068 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97068 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cloudera | cdh | 4.0.0 | |
cloudera | cdh | 4.0.1 | |
cloudera | cdh | 4.1.0 | |
cloudera | cdh | 4.1.1 | |
cloudera | cdh | 4.1.2 | |
cloudera | cdh | 4.1.3 | |
cloudera | cdh | 4.1.4 | |
cloudera | cdh | 4.1.5 | |
cloudera | cdh | 4.2.0 | |
cloudera | cdh | 4.2.1 | |
cloudera | cdh | 4.2.2 | |
cloudera | cdh | 4.3.0 | |
cloudera | cdh | 4.3.1 | |
cloudera | cdh | 4.3.2 | |
cloudera | cdh | 4.4.0 | |
cloudera | cdh | 4.5.0 | |
cloudera | cdh | 5.0.0 (beta) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cloudera:cdh:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "30715E47-3508-4413-9AF0-F7A5494BD3DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "12AFC1A8-B5C1-4704-9208-66A7C58AFF66", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D6CA009-5032-4FE5-8BE6-D00C7DFEB162", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C243346-5F50-4C18-9DAE-A5828BA7DC3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D790D3B1-14A3-48D7-BA84-596D00F0793F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A10C11CC-2C96-4CF0-BC66-7C5A9425A20A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E6718CB4-3D73-4E4F-B54C-EBF944D73352", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BE609BC8-D73F-4032-AA71-E5F64910A2B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "935C3F63-BF05-4D0C-8C0A-55A8E5AFF8E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5A293DE-E885-4BCA-9807-AFEFFE33AC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA74529E-7E6B-410C-96E0-6437C7D674C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C9EFF66-7D5E-4E2B-AA8C-B75E4EACF6CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F33CA6D5-3BE7-4385-B67D-D983DFD0CBC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"031729AF-F9E6-479D-90FE-FA7C1E33104F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9F8B080-BF55-4B31-B122-6F3C64C75ADD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCAA7878-70CE-470C-8889-CB13A71FC2ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "B0293F82-7BA9-4608-96B7-CCED9A98313C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs." }, { "lang": "es", "value": "El JobHistory Server en Cloudera CDH 4.x en versiones anteriores a 4.6.0 y 5.x en versiones anteriores a 5.0.0 Beta 2, cuando se utiliza MRv2/YARN con autenticaci\u00f3n HTTP, permite a usuarios remotos autenticados obtener informaci\u00f3n de trabajo sensible aprovechando el fallo para aplicar ACLs de trabajo." 
} ], "id": "CVE-2013-6446", "lastModified": "2024-11-21T01:59:14.887", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-23T20:59:00.173", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97068" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } 
], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-26 14:15
Modified
2024-11-21 02:49
Severity ?
Summary
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
References
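Impacted products
The CPE configuration below marks cloudera cdh 5.0.0 up to (excluding) 5.3.10, 5.4.0 up to (excluding) 5.4.10, 5.5.0 up to (excluding) 5.5.4, and 5.6.0 as vulnerable. Per that data, 5.3.10, 5.4.10 and 5.5.4 are the first releases on their maintenance lines not marked vulnerable, in addition to the 5.6.1 named in the summary.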
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C0635C6-0AA7-48A9-B50B-1F76A443A850", "versionEndExcluding": "5.3.10", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "12661B00-D39A-437C-9F9D-6439F231F676", "versionEndExcluding": "5.4.10", "versionStartIncluding": "5.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F464E81-6C00-4195-AC5D-29E8F7E24D85", "versionEndExcluding": "5.5.4", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cloudera:cdh:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0821458-EDDC-457C-9211-E3B5A34EFDBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls." }, { "lang": "es", "value": "Cloudera CDH versiones anteriores a 5.6.1, permite la omisi\u00f3n de autorizaci\u00f3n por medio de llamadas de la API internas y directas." 
} ], "id": "CVE-2016-3131", "lastModified": "2024-11-21T02:49:26.397", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-26T14:15:11.080", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }